Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3524

A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. The vulnerability is due to the presence of a debugging configuration option in the affected software. An attacker could exploit this vulnerability by connecting to an affected device through the console, forcing the device into ROMMON mode, and writing a malicious pattern using that specific option on the device. A successful exploit could allow the attacker to break the chain of trust and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.

Published

2020-09-24T18:15:21.620

Last Modified

2024-11-21T05:31:14.970

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-284
Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xe_rom_monitor	< 16.2\(1r\)	Yes
Hardware	cisco	4221_integrated_services_router	-	No
Hardware	cisco	4331_integrated_services_router	-	No
Hardware	cisco	4431_integrated_services_router	-	No
Hardware	cisco	4461_integrated_services_router	-	No
Operating System	cisco	ios_xe_rom_monitor	< 15.6\(18r\)	Yes
Hardware	cisco	asr-920-10sz-pd	-	No
Hardware	cisco	asr-920-12cz-a	-	No
Hardware	cisco	asr-920-12cz-d	-	No
Hardware	cisco	asr-920-12sz-a	-	No
Hardware	cisco	asr-920-12sz-d	-	No
Hardware	cisco	asr-920-20sz-m	-	No
Hardware	cisco	asr-920-24sz-im	-	No
Hardware	cisco	asr-920-24sz-m	-	No
Hardware	cisco	asr-920-24tz-m	-	No
Hardware	cisco	asr-920-4sz-a	-	No
Hardware	cisco	asr-920-4sz-d	-	No
Hardware	cisco	asr_920u-12sz-im	-	No
Operating System	cisco	ios_xe_rom_monitor	< 16.2\(1r\)	Yes
Hardware	cisco	asr_1000-x	-	No
Hardware	cisco	asr_1001	-	No
Hardware	cisco	asr_1001-x	-	No
Hardware	cisco	asr_1002	-	No
Hardware	cisco	asr_1002-x	-	No
Hardware	cisco	asr_1004	-	No
Hardware	cisco	asr_1006	-	No
Hardware	cisco	asr_1013	-	No
Operating System	cisco	ios_xe_rom_monitor	< 16.4\(1r\)s	Yes
Hardware	cisco	cbr8	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rommon-secboot-7JgVLVYC Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rommon-secboot-7JgVLVYC Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)